Command Injection Vulnerability in ZTE ZENIC ONE R58 Products
CVE-2024-22063

9CRITICAL

Key Information:

Vendor: Zte
Status: Zenic One R58
Vendor: CVE Published:; 30 December 2024

What is CVE-2024-22063?

The ZTE Corporation's ZENIC ONE R58 products exhibit a vulnerability that allows an authenticated attacker to perform command injection. By exploiting this flaw, an attacker can manipulate messages and inject harmful code into the system. This exploitation can lead to further attacks on other devices linked to the compromised system, creating a significant security risk. Immediate patching and vulnerability management are crucial for safeguarding the integrity of affected systems.

Affected Version(s)

ZENIC ONE R58 0

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bullet...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 30, 2024
Vulnerability Reserved
Jan 5, 2024

JSON

Zte

What is CVE-2024-22063?

Affected Version(s)

References

CVSS V3.1

Timeline